Add gutenberg-related mod_security rules

These should help with converting widgets from legacy to
new 'blocks'.

docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

@@ -69,3 +69,17 @@ SecRule REQUEST_URI "@beginsWith /" \
     ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:message_body,\
     ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:text"
 
+# Gutenberg-related requests.
+SecRule REQUEST_URI "@beginsWith /wp-json/batch/v1" \
+    "id:1007,\
+    phase:2,\
+    pass,\
+    nolog,\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:requests.requests.body.instance.raw.content"
+SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/widget-types/text/encode" \
+    "id:1008,\
+    pass,\
+    nolog,\
+    ctl:ruleEngine=Off"
+
+